CVE-2025-15605
Received Received - Intake
Hardcoded Key in TP-Link Archer NX Series Enables Config Data Tampering

Publication date: 2026-03-23

Last updated on: 2026-03-31

Assigner: TPLink

Description
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-14
NVD
CVE-2025-15605
EUVD
EUVD-2025-208943
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
tp-link archer_nx600_firmware to 1.3.0 (exc)
tp-link archer_nx500_firmware to 1.5.0 (exc)
tp-link archer_nx210_firmware to 1.3.0 (exc)
tp-link archer_nx200_firmware to 1.3.0 (exc)
tp-link archer_nx600_firmware to 1.4.0 (exc)
tp-link archer_nx500_firmware to 1.3.0 (exc)
tp-link archer_nx200_firmware to 1.8.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-321 The product uses a hard-coded, unchangeable cryptographic key.
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves a hardcoded cryptographic key in the configuration mechanism of certain TP-Link Archer devices (NX200, NX210, NX500, and NX600). Because the key is hardcoded, an authenticated attacker can use it to decrypt the device's configuration files, modify them, and then re-encrypt them. This compromises the confidentiality and integrity of the device's configuration data.

Impact Analysis

The vulnerability allows an authenticated attacker to access and alter the device's configuration data. This can lead to unauthorized changes in device settings, potentially disrupting network operations, weakening security controls, or exposing sensitive configuration information. The compromise of confidentiality and integrity of configuration data can result in broader security risks within the affected network.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15605. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart